It’s the second Tuesday of the month, and that means it’s Update Tuesday, Microsoft’s monthly release of available security patches for nearly all software it supports. This time, the software developer identified six zero-days in active exploitation in the wild, along with a wide range of other vulnerabilities that pose a threat to end users.
Two of the zero-days are highly critical vulnerabilities in Exchange that, when used together, allow attackers to execute malicious code on servers. These vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, first came to light in September. At the time, researchers in Vietnam reported that they were being used to infect internal Exchange servers with web shells, text-based interfaces that allow people to execute commands remotely.
The vulnerabilities, better known as ProxyNotShell, affect on-premises Exchange servers. When the zero-days became public knowledge, Shodan searches indicated that approximately 220,000 servers were vulnerable. In early October, Microsoft said it was aware of only one threat actor exploiting the vulnerabilities, and that the actor had targeted fewer than 10 organizations. The threat actor is fluent in Simplified Chinese, which points to a connection with China.
The third zero-day, CVE-2022-41128, is a critical vulnerability in Windows that could allow a threat actor to remotely execute malicious code. The vulnerability, which is triggered when a vulnerable device accesses a malicious server, was discovered by Clément Lecigne of Google’s Threat Analysis Group. Since TAG tracks nation-state-sponsored hacking, the discovery likely means that government-sponsored hackers are behind the zero-day exploits.
Two more zero-days are elevation-of-privilege (EoP) vulnerabilities, a class of flaws that, when combined with a separate vulnerability or exploited by someone who already has limited privileges on a device, raise those privileges to the level needed to install code, access passwords, and manage the device. As security in applications and operating systems has improved over the past decade, EoP vulnerabilities have grown in importance.
CVE-2022-41073 affects the Microsoft print spooler, while CVE-2022-41125 is located in the Windows CNG Key Isolation Service. Both EoP vulnerabilities were discovered by the Microsoft Security Threat Intelligence team.
The last zero-day fixed this month is also in Windows. CVE-2022-41091 allows attackers to create malicious files that evade Mark of the Web (MotW) protections, which feed security features in Microsoft Office such as Protected View. Will Dormann, a senior analyst at security firm ANALYGENCE, discovered the bypass technique in July.
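Mark of the Web is stored as an NTFS alternate data stream named Zone.Identifier, and Office's Protected View decides what to do with a file based on the ZoneId recorded there. The following PowerShell script is an added example, not code from the article or from Microsoft: it audits a folder and reports which files carry MotW and with which zone, so a defender can spot downloaded files that arrived without the mark (for instance because they were extracted from a container format that does not propagate it). The folder path is an assumed default; adjust it to the directory you want to audit.

```powershell
# Added example (not from the article): audit files in a folder for Mark of the Web (MotW).
# MotW lives in the "Zone.Identifier" alternate data stream. ZoneId=3 is "Internet",
# ZoneId=4 is "Restricted sites"; both cause Office to open the file in Protected View.
# $Folder is an assumed default path; pass -Folder to audit a different directory.
param(
    [string]$Folder = "$env:USERPROFILE\Downloads"
)

function Get-MotwStatus {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path
    # Get-Item -Stream returns $null (with -ErrorAction SilentlyContinue) when the stream is absent.
    $stream = Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zoneId = $null
    $referrer = $null

    if ($null -ne $stream) {
        # The stream is a small INI-style block, e.g.
        #   [ZoneTransfer]
        #   ZoneId=3
        #   ReferrerUrl=https://example.invalid/
        $content = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
        foreach ($line in $content) {
            if ($line -match '^ZoneId=(\d+)')        { $zoneId   = [int]$Matches[1] }
            elseif ($line -match '^ReferrerUrl=(.*)$') { $referrer = $Matches[1] }
        }
    }

    [pscustomobject]@{
        File          = $item.FullName
        HasMotW       = ($null -ne $stream)
        ZoneId        = $zoneId
        ProtectedView = ($zoneId -in 3, 4)   # what Office will do with this file
        Referrer      = $referrer
    }
}

# Unmarked files sort first so the ones that bypass Protected View are easy to see.
Get-ChildItem -LiteralPath $Folder -File -Recurse |
    ForEach-Object { Get-MotwStatus -Path $_.FullName } |
    Sort-Object HasMotW, File |
    Format-Table -AutoSize
```

Files that show HasMotW = False were either never downloaded through a MotW-aware application or had the stream removed (Unblock-File, copying to a non-NTFS volume, or extraction from a container that does not propagate the mark); those are the ones Protected View will not guard, so they deserve a closer look before being opened.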
In total, this month’s update fixed 68 vulnerabilities. Microsoft gave 11 of them a severity rating of “critical”; the rest carry an “important” rating. Patches are usually installed automatically within about 24 hours. Those who want to install the updates immediately can go to Windows > Settings > Updates & Security > Windows Update. Microsoft’s complete summary is available here.
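For administrators who want to confirm from a console that this month's updates actually landed on a machine rather than trusting the Settings page, the following PowerShell snippet is an added example, not code from the article or from Microsoft. It lists the hotfixes installed since a given Patch Tuesday and warns when none are present. The cut-off date is an assumption (the release the article describes corresponds to November 8, 2022); pass a different -Since value for another month.

```powershell
# Added example (not from the article): list updates installed since a given Patch Tuesday
# and warn if the machine has received nothing since then.
# The default date is an assumption matching the release described in the article.
function Get-RecentUpdates {
    param([datetime]$Since = (Get-Date '2022-11-08'))

    # Get-HotFix reads Win32_QuickFixEngineering; InstalledOn can be empty on some systems,
    # so filter out entries without a date before comparing.
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn
}

$since = Get-Date '2022-11-08'   # assumed Patch Tuesday date; change as needed
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"{0} (build {1}), last boot {2}" -f $os.Caption, $os.BuildNumber, $os.LastBootUpTime

$recent = Get-RecentUpdates -Since $since
if (-not $recent) {
    Write-Warning ("No updates installed since {0:yyyy-MM-dd}; open Settings > Update & Security > " +
                   "Windows Update and check for updates, then reboot if prompted." -f $since)
} else {
    $recent | Format-Table -AutoSize
}
```

A recent LastBootUpTime matters as much as the hotfix list: cumulative updates that include kernel or spooler fixes are not fully in effect until the machine has restarted, so a pending reboot leaves the device exposed even though the KB shows as installed.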